Weak Permissions in Ceph Client Configuration by Ceph
CVE-2015-3010

Currently unrated

Key Information:

Vendor

Ceph

Status
Ceph-deploy
Vendor
CVE Published:
16 June 2015

What is CVE-2015-3010?

Ceph-deploy versions prior to 1.5.23 have a vulnerability where the permissions of the ceph.client.admin.keyring file are configured as world-readable, set at 644. This misconfiguration exposes sensitive credentials, allowing local users to read the file and potentially compromise security. Admins should ensure that proper permission settings are implemented to safeguard sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2015/04/09/11
mailing-listx_refsource_MLIST
https://bugzilla.suse.com/show_bug.cgi?id=920926
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.